🎯Hunting Tips

Tips for finding suspicious packages

Malicious packages imitating another package often reuse the legitimate project's GitHub link in their metadata, so their PyPI page looks like the real thing. Look for PyPI packages that link to the same GitHub repository as an established package. If the package was also uploaded recently, that is a strong indicator of a malicious package. Forks, companion packages and renamed projects can legitimately share a repository link, so treat a match as a lead to verify (compare the package's files against the repository) rather than as proof.

New Package with lots of Stars

When a package's metadata points at another project's GitHub repository, PyPI also displays that repository's GitHub statistics (stars, forks, open issues) on the package page, so a brand-new package can appear to have years of community backing. Look for newly uploaded packages showing a large number of GitHub stars (1,000+); a package that is days old but shows thousands of stars deserves a closer look.
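Both tips above come down to the same two fields of PyPI metadata: the repository links a package declares and the date of its first upload. The script below is an added example, not code from the original page, that applies both heuristics to data shaped like the PyPI JSON API (`https://pypi.org/pypi/<name>/json`). Star counts are not exposed by that API (PyPI renders them on the project page from GitHub), so the script takes them as a dict the hunter has collected separately. The package names, repository URLs, upload dates and star counts in the sample are constructed.

```python
"""Added example (not the original page's code): two hunting heuristics over PyPI metadata.

The input shape mirrors the PyPI JSON API (https://pypi.org/pypi/<name>/json):
info.project_urls / info.home_page carry the repository links, and each release file
carries upload_time_iso_8601.  Star counts are not in that API; PyPI renders them on the
project page from GitHub, so here they are passed in as a dict the caller has collected.
All package names, URLs, dates and star counts below are constructed sample data.
"""
import json
import re
import urllib.request
from datetime import datetime, timedelta, timezone

GITHUB_RE = re.compile(r"^https?://(?:www\.)?github\.com/([^/\s]+)/([^/\s#?]+)", re.I)


def github_repo(url):
    """Normalize a URL to 'owner/repo' if it points at GitHub, else None.
    Case, trailing slashes and a '.git' suffix are stripped so near-identical links
    (https://github.com/Org/Repo/ vs .../org/repo.git) collide as intended."""
    if not url:
        return None
    m = GITHUB_RE.match(url.strip())
    if not m:
        return None
    owner, repo = m.group(1).lower(), m.group(2).lower()
    return f"{owner}/{repo[:-4] if repo.endswith('.git') else repo}"


def linked_repos(info):
    """Every distinct GitHub repo referenced from project_urls or home_page."""
    urls = list((info.get("project_urls") or {}).values()) + [info.get("home_page")]
    return {r for r in map(github_repo, urls) if r}


def first_upload(releases):
    """Earliest file upload across all releases (timezone-aware), or None if no files."""
    times = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
             for files in releases.values() for f in files]
    return min(times) if times else None


def hunt(packages, now, star_counts=None, max_age_days=30, min_stars=1000):
    """Return sorted (package, repo, reason) findings.

    Heuristic 1: a package first uploaded within max_age_days whose GitHub link is
    already used by an older package (the older package is named in the reason).
    Heuristic 2: a package first uploaded within max_age_days that links to a repo
    with >= min_stars stars, read from star_counts {repo: stars}.
    """
    star_counts = star_counts or {}
    recent_cutoff = now - timedelta(days=max_age_days)
    by_repo = {}  # repo -> [(first_upload, package), ...]
    for name, data in packages.items():
        created = first_upload(data.get("releases", {}))
        if created is None:
            continue
        for repo in linked_repos(data.get("info", {})):
            by_repo.setdefault(repo, []).append((created, name))

    findings = []
    for repo, entries in by_repo.items():
        entries.sort()
        oldest_name = entries[0][1]
        for created, name in entries:
            if created < recent_cutoff:
                continue  # not new: an old package sharing a repo is a different story
            if name != oldest_name:
                findings.append((name, repo, f"same repo as older package {oldest_name}"))
            if star_counts.get(repo, 0) >= min_stars:
                findings.append((name, repo, f"new package, {star_counts[repo]} stars"))
    return sorted(findings)


def fetch_package(name):
    """Live lookup via the PyPI JSON API; not used by the sample run below."""
    with urllib.request.urlopen(f"https://pypi.org/pypi/{name}/json", timeout=10) as resp:
        return json.load(resp)


# Constructed sample data shaped like PyPI JSON API responses (hypothetical packages).
def _pkg(repo_url, first_upload_iso):
    return {"info": {"home_page": "", "project_urls": {"Source": repo_url}},
            "releases": {"1.0.0": [{"upload_time_iso_8601": first_upload_iso}]}}


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_PACKAGES = {
    "legit-lib":        _pkg("https://github.com/exampleorg/legit-lib", "2019-03-02T10:00:00Z"),
    "legit-lib-compat": _pkg("https://github.com/ExampleOrg/Legit-Lib.git", "2021-07-15T08:30:00Z"),
    "legit-1ib":        _pkg("https://github.com/exampleorg/legit-lib/", "2024-05-28T21:11:09.123456Z"),
    "fresh-tool":       _pkg("https://github.com/someone/fresh-tool", "2024-05-30T12:00:00Z"),
}
SAMPLE_STARS = {"exampleorg/legit-lib": 4200, "someone/fresh-tool": 3}  # constructed

if __name__ == "__main__":
    for pkg, repo, reason in hunt(SAMPLE_PACKAGES, NOW, SAMPLE_STARS):
        print(f"{pkg:18} {repo:24} {reason}")
```

Running it flags only `legit-1ib`, on both counts: it is days old, it points at the repository that `legit-lib` has declared since 2019, and that repository shows thousands of stars. `legit-lib-compat` shares the same repository but is years old, so it is left alone, and `fresh-tool` is new but claims a repository nobody else uses and has almost no stars. To hunt for real, replace `SAMPLE_PACKAGES` with `fetch_package()` results for the names you want to compare and supply star counts from the PyPI project pages.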
